Full details of the release can be found here. I've been a big fan & user of Suricata for just over a year now & I've previously written about deploying Suricata on CentOS (or RHEL) here. The project still maintains some of the best documentation for an open project I've come across & you can find everything you need to install Suricata here. Additional resources that might be useful for anyone considering deploying or upgrading existing Suricata installations include the Suricata 4.0 RPMs (here) & the Stamus Networks write-up on Suricata 4.0 improvements (here). I've just got my first Suricata 4.0 install into the lab & I've summarised the steps I took below. It goes without saying that you need to consider your own setup & services when planning to upgrade.

Suricon 2017 & discounted Suricata training

Suricon, the annual Suricata users conference, is set to take place in Prague in November. You can still get tickets here. There is also a range of training options, including development & rule sigdev here.


Popular posts from this blog

I was recently tasked with throwing up a replacement IDS box after an appliance 'died' in not-so-mysterious circumstances during some DC work. The IDS (Suricata) was stipulated, as was the base platform (RHEL 7).

I wanted to share here some of the notes I made during the build and subsequent testing, some useful links as well as one 'gotcha' I encountered along the way. These might cause you headaches in keeping your IDS running.

There are a ton of good articles already around covering how to get Suricata working on CentOS (RHEL's community backed spin off) but special mention has to go out to Daniel Miessler's guide which I've linked to below. In terms of getting Suricata up and running it really covers everything.

That gotcha

You can provide Suricata with parameters around pcap file management if you're capturing full packet and writing it to disk. These parameters are the size limit for each pcap file and the number of files to retain. For example, you c…
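The two parameters that preview refers to live in the pcap-log output section of suricata.yaml. What follows is an added example, not text from the original post: the keys (enabled, filename, limit, max-files, mode, dir) are Suricata's own, while the values are illustrative and should be sized for your own sensor.

```yaml
# Added example (not from the post): pcap-log section of suricata.yaml
# showing the per-file size limit and the number of files to retain.
# Values are illustrative.
outputs:
  - pcap-log:
      enabled: yes
      filename: log.pcap
      # Rotate to a new file once this size is reached. Units may be
      # kb, mb or gb; a bare number is interpreted as bytes.
      limit: 1000mb
      # Ring-buffer mode: keep at most this many files, deleting the
      # oldest as new ones are written. Worst-case disk use is roughly
      # limit * max-files (here about 2 TB), so check it against the
      # capture volume and the partition holding 'dir' before enabling.
      max-files: 2000
      mode: normal   # normal, multi or sguil
      dir: /nsm/
```

After editing, `suricata -T -c /etc/suricata/suricata.yaml` runs Suricata in configuration-test mode and reports parse errors without starting capture, which is a cheap check before restarting a production sensor.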

There are a couple of reasons why you might want to install Kali linux on an inexpensive hardware platform that you can deploy, abandon or hide somewhere. An obvious use might be to serve as an 'Evil AP' in support of wireless assessments. Kali linux is officially supported on a number of low-cost ARM based devices, with Offensive Security maintaining minimal, streamlined pre-built images which can be copied across to an SD card, installed and then configured with the packages you need for the task you have in mind.

Installing Kali Linux on a Raspberry Pi

Offensive Security maintain good documentation here. For our needs:

Download and verify the image from here.

$ shasum -a 256 /Volumes/SANDISK/kali-2017.01-rpi2.img.xz

DD the image over the SD cards

$ sudo dd if=kali-2017.01-rpi2.img of=/dev/disk2 bs=1m

Insert the SD cards after the dd has completed and boot the rpi. I had a DHCP reservation set on my router so I knew what IP it would get. I also made sure I plugged in the extr…

Apart from being a source of all too frequent and embarrassing typos, Splunk is a big data platform which allows you to interrogate data and present results in a variety of contexts and visualisations. I've been using it for a little over 12 months, self teaching or Googling as I go, predominantly to sift through the terabytes of logs from various applications and appliances that get generated in my 9-5 every day.

I've started to pull together all the searches, notes and bits of code into a sort of security cheat sheet which I thought would be a good thing to share, as well as providing some real world examples of how you might use Splunk in a security context.

I'm actively working back through my notes and adding to this all the time so it might be a good thing to reference via the URL or re-visit from time to time. I'll try to keep this as accessible as possible and base it around real world examples and use cases.